REMARKS

Applicants have received the Office Action mailed May 4, 2007. Claims 1-5, 7-12 and 14-22 are 
pending, of which claims 1, 12, 19, 20, 21 and 22 are independent. Applicants request reconsideration 
of the pending claims in view of the following remarks. 

Claim Rejection - 35 U.S.C. § 103

The initial Office Action mailed October 4, 2006, rejected various claims under 
35 U.S.C. § 102(e) over U.S. Patent No. 6,487,552 ("Lei"). On February 5, 2007, Applicants filed 
amendments and arguments in response to the 102(e) rejections of the original independent claims. The 
current Office Action, mailed May 4, 2007, withdrew the original 102(e) rejections and replaced them 
with rejections under 35 U.S.C. § 103(a) over Lei, in view of U.S. Patent No. 6,968,571 ("Devine"). As 
outlined in greater detail below, the combination of Lei and Devine neither addresses all elements of the 
currently pending claims, nor does the combination of Lei and Devine render the currently pending 
claims obvious. Accordingly, Applicants request further consideration in view of the following remarks. 

Independent claim 1 recites, inter alia, receiving a search query for information in a manner that 
identifies which one of multiple knowledge bases that stores the information; and building a search 
request that contains the received search query and a security pattern obtained from a security service, 
the security service being configured to control access to information in each of the multiple knowledge 
bases and further configured to provide the security pattern by a) retrieving a security strategy associated 
with the identified knowledge base, the security strategy identifying one or more control entities that are 
authorized to access the identified knowledge base; b) retrieving a security profile corresponding to each 
of the one or more control entities, each such security profile including an attribute; and c) generating 
the security pattern from attributes in the one or more retrieved security profiles. 

The current Office Action rejected claim 1, in part, as follows: 

As per independent claims 1, 19 and 21, LEI, in combination with DEVINE, discloses: 

A computer-implemented method for retrieving information from a knowledge base, the 
method comprising: 

receiving a search query for information in a manner that identifies which one of 
multiple knowledge bases that stores the information {See LEI, C6:L65-C8:L31};
(Office Action mailed May 4, 2007, at pages 2-3.)

Nowhere does the above-cited portion of Lei (col. 6, line 65, to col. 8, line 31) discuss multiple
knowledge bases, much less receiving a search query that identifies a particular knowledge base from 
among multiple knowledge bases. This is important. It is not obvious to take Lei's access-control 
techniques for a single database (e.g., database 202, illustrated in FIG. 2), and extend them to create a 
flexible filtering and access-control framework for multiple knowledge bases, as Applicants have done. 
Lei's system, without modification, would not work in an environment of multiple knowledge bases, in 
the manner Applicants have claimed. The Examiner did not at all address this deficiency in Lei, and 
Devine adds nothing that cures the deficiency. Accordingly, for this reason alone, the current rejection 
of claim 1 is improper. 

The current Office Action further rejected claim 1, in part, as follows:

As per independent claims 1, 19 and 21, LEI, in combination with DEVINE, discloses:

building a search request that contains the received search query and a security
pattern {See LEI, C14:L4-32, wherein this reads over "[t]he policy function then selectively adds
one or more predicates to the received query"} obtained from a security service, the
security service being configured to control access to information in each of the
multiple knowledge bases {See DEVINE, C3:L21-22, wherein this reads over "centralized user
authentication to insure that the user has valid access to the system"; and C3:L35-45, wherein this
reads over "the set of remote services available for each user is unique and depends on each user's
subscriptions to the services"} and further configured to provide the security pattern by

a) retrieving a security strategy associated with the identified knowledge base,
the security strategy identifying one or more control entities {See LEI, C11:L13-29,
wherein this reads over "a security policy may allow special classes of users to have special context
modification privileges, or have special rules that govern certain types of context attributes"} that
are authorized to access the identified knowledge base {See DEVINE, C16:L46-55,
wherein this reads over "[t]he entitlements represent specific services the user has subscribed and
has privilege to access"};

b) retrieving a security profile corresponding to each of the one or more control
entities, each such security profile including an attribute {See DEVINE, C16:L46-55,
wherein this reads over "describes what entitlements the user may have within any single service"};
and

c) generating the security pattern from attributes in the one or more retrieved
security profiles {See DEVINE, C3:L46-67, wherein this reads over "the user information is
maintained for the duration of a logon session, allowing both the backplane and the client
applications to access the information as needed throughout the duration of the session"; and
C16:L56-C17:L6, wherein this reads over "the backplane stores the user specific entitlements in the
memory for other processes to access"}; and

While LEI may not expressly disclose the retrieval of a security profile and the generation of a
security pattern from attributes in the retrieved security profiles, DEVINE provides a system wherein a 
user's entitlements to various remote services is determined and used to validate access to said remote 
services. Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the above invention suggested by LEI by combining it with the invention 
disclosed by DEVINE. The results of this combination would lead to a method wherein the user logon 
information may be used in identifying the user as a control entity to a specified knowledge base. With 
said information, the corresponding security profile may be retrieved and a security pattern generated 
from said retrieved security profile. 

One of ordinary skill in the art would have been motivated to do this modification so that a 
search query may only be executed upon knowledge bases to which the user has security access to. 
(Office Action mailed May 4, 2007, at pages 2-4.)

As quoted above, the Examiner acknowledged that Lei does not "expressly disclose the retrieval
of a security profile and the generation of a security pattern from attributes in the retrieved security
profiles," so the Examiner turned to Devine for this element, apparently as follows:

c) generating the security pattern from attributes in the one or more retrieved
security profiles {See DEVINE, C3:L46-67, wherein this reads over "the user information is
maintained for the duration of a logon session, allowing both the backplane and the client
applications to access the information as needed throughout the duration of the session"; and
C16:L56-C17:L6, wherein this reads over "the backplane stores the user specific entitlements in the
memory for other processes to access"}; and ...

(Office Action mailed May 4, 2007, at page 3.)

Maintaining user information "for the duration of a logon session, allowing both the backplane and the
client applications to access the information as needed throughout the duration of the session" and
storing "the user specific entitlements in the memory for other processes to access" neither anticipates
nor renders obvious "generating the security pattern from attributes in the one or more retrieved security
profiles." These cited portions relate to storing access parameters that are already determined; the
claim element in question is directed to a specific method of generating a pattern that can be used to
control access.

Rather than suggesting Applicants' invention, the combination of Lei and Devine is much closer
to conventional systems Applicants described by way of background. Thus, the combination of Lei and
Devine actually teaches away from Applicants' invention. In particular, Applicants described by way of
background that "[one] option is to maintain access lists associated with a particular user or application,
wherein the access lists contain references to each document to which the user or application has
access." (Originally filed specification, page 2, lines 7-9.) Applicants noted specific drawbacks to such
an approach. In particular, Applicants noted that "it often takes time and effort to maintain these types 
of access lists. In addition, the lists are typically very specialized to the types of users or applications 
that exist in a particular run-time system." (Originally filed specification, page 2, 9-11.) Applicants 
subsequently described improved methods for controlling access, which are the subject of the current 
claims. 

Access lists of the kind distinguished by Applicants in their specification appear to be the focus 
of the portions of Devine cited by the Examiner. For example, to reject the "retrieving a security 
profile" element, the Examiner provided the following: 

b) retrieving a security profile corresponding to each of the one or more control
entities, each such security profile including an attribute {See DEVINE, C16:L46-55,
wherein this reads over "describes what entitlements the user may have within any single service"};
and

(Office Action mailed May 4, 2007, at page 3) 

In context, Devine at col. 16, starting at line 46 says: "Referring again to FIG. 10, the backplane 
communicates with the StarOE server 49 to retrieve the user's entitlements in step 308. The 
entitlements represent specific services the user has subscribed and has privilege to access. It also 
describes what entitlements the user may have within any single service." (Devine, col. 16, lines 46-51.) 
Here, "entitlements" are directly associated with a single user, as is clear from further context provided 
in col. 3, starting at line 46: "The present invention includes a user object to represent a current user 
logged onto the system. This user object, inter alia, is responsible for obtaining from a remote server the 
current user's information including the users entitlements to various remote services. The backplane 
uses the entitlement information to provide only those services available to the user. As explained 
previously, the backplane will not enable the services to which the user does not have entitlements, 
effectively blocking the user from accessing those services." (Devine, col. 3, lines 46-55.) 

Applicants recite a method that is very different from accessing a list of "entitlements" that is 
directly associated with an individual user. In particular, as recited in the current form of claim 1, a
method for retrieving information can include, inter alia, providing and using a security pattern by a)
retrieving a security strategy associated with the identified knowledge base, the security strategy
identifying one or more control entities that are authorized to access the identified knowledge base; b)
retrieving a security profile corresponding to each of the one or more control entities, each such security 
profile including an attribute; and c) generating the security pattern from attributes in the one or more 
retrieved security profiles. 

The specific method recited by Applicants' claim 1 gives rise to significant advantages that are 
not contemplated or possible by Lei or Devine or the combination of Lei and Devine. In particular, 
Applicants' claimed methods for managing access to multiple different knowledge bases can be 
performed from a single location, where access controls can be easily maintained and modified using 
security strategies that can be associated with specific knowledge bases and security profiles that 
correspond to control entities included in the security strategies. 

Accordingly, for at least the reasons outlined above, Applicants respectfully submit that
independent claim 1 and the corresponding dependent claims 2-5 and 7-11 are patentable over the
combination of Lei and Devine and ask the Examiner to withdraw the rejections based on Lei and
Devine. Independent claims 12, 19, 20, 21 and 22 recite similar language as that discussed above with
reference to independent claim 1. Therefore, claims 12, 19, 20, 21 and 22 are believed to be patentable
over the combination of Lei and Devine for substantially the same reasons provided above with
reference to amended independent claim 1. Applicants ask for the withdrawal of the rejection based on
the combination of Lei and Devine of independent claims 12, 19, 20, 21 and 22 and of the corresponding
dependent claims 14-18. 

Conclusion 

Applicants respectfully submit that pending claims 1-5, 7-12 and 14-22 are in condition for 
allowance and request that the Examiner allow them. 

It is believed that all of the pending issues have been addressed. However, the absence of a reply 
to a specific rejection, issue or comment does not signify agreement with or concession of that rejection, 
issue or comment. In addition, because the arguments made above may not be exhaustive, there may be 
reasons for patentability of any or all pending claims (or other claims) that have not been expressed. 
Finally, nothing in this paper should be construed as an intent to concede any issue with regard to any
claim, except as specifically stated in this paper, and the amendment of any claim does not necessarily
signify concession of unpatentability of the claim prior to this amendment. 

No fees are believed to be due at this time. Please apply any other charges or credits to deposit 
account 06-1050.